EUVD-2023-30038

Malicious code in bioql PyPI...

CVE-2023-26213

On Barracuda CloudGen WAN Private Edge Gateway devices before 8 webui-sdwan-1089-8.3.1-174141891, an OS command injection vulnerability exists in /ajax/updatecertificate - a crafted HTTP request allows an authenticated attacker to execute arbitrary commands. For example, a name field can contain...

The vulnerability of Barracuda CloudGen WAN’s web interface allows a attacker to execute arbitrary commands.

The vulnerability of the Barracuda CloudGen WAN web interface is related to insufficient protection of the web page structure when processing the end point /ajax/updatecertificate. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands by sending specially crafted HT...

Barracuda CloudGen WAN OS Command Injection Vulnerability

Barracuda CloudGen WAN provides a private edge appliance for hybrid deployments. An authenticated user in the administration interface for the private edge virtual appliance can inject arbitrary OS commands via the /ajax/updatecertificate endpoint. Versions prior to v8. hotfix 1089 are affected...

CVE-2023-26213

On Barracuda CloudGen WAN Private Edge Gateway devices before 8 webui-sdwan-1089-8.3.1-174141891, an OS command injection vulnerability exists in /ajax/updatecertificate - a crafted HTTP request allows an authenticated attacker to execute arbitrary commands. For example, a name field can contain...

CVE-2023-26213

On Barracuda CloudGen WAN Private Edge Gateway devices before 8 webui-sdwan-1089-8.3.1-174141891, an OS command injection vulnerability exists in /ajax/updatecertificate - a crafted HTTP request allows an authenticated attacker to execute arbitrary commands. For example, a name field can contain...

Command injection

On Barracuda CloudGen WAN Private Edge Gateway devices before 8 webui-sdwan-1089-8.3.1-174141891, an OS command injection vulnerability exists in /ajax/updatecertificate - a crafted HTTP request allows an authenticated attacker to execute arbitrary commands. For example, a name field can contain...

CVE-2023-26213

Barracuda CloudGen WAN Private Edge Gateway devices prior to version 8 (specifically before 8 webui-sdwan-1089-8.3.1-174141891) are affected by an OS command injection in /ajax/update_certificate. An authenticated attacker can craft a request (e.g., using shell metacharacters in name/password fie...

Barracuda CloudGen WAN OS Command Injection

SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: OS Command Injection product: Barracuda CloudGen WAN vulnerable version: v8. hotfix 1089 fixed version: v8. with hotfix webui-sdwan-1089-8.3.1-174141891 or above version...

CVE-2023-26213

On Barracuda CloudGen WAN Private Edge Gateway devices before 8 webui-sdwan-1089-8.3.1-174141891, an OS command injection vulnerability exists in /ajax/updatecertificate - a crafted HTTP request allows an authenticated attacker to execute arbitrary commands. For example, a name field can contain...

Barracuda CloudGen WAN 操作系统命令注入漏洞

Barracuda Networks Barracuda CloudGen WAN is Barracuda Networks' tool for easily connecting all your locations to the Microsoft Global Network via Azure Virtual WAN. A security vulnerability exists in versions prior to Barracuda CloudGen WAN Private Edge Gateway devices 8...

CVE-2023-26213

On Barracuda CloudGen WAN Private Edge Gateway devices before 8 webui-sdwan-1089-8.3.1-174141891, an OS command injection vulnerability exists in /ajax/updatecertificate - a crafted HTTP request allows an authenticated attacker to execute arbitrary commands. For example, a name field can contain...

Barracuda and Microsoft: Removing security barriers to faster public cloud adoption

Barracuda’s CloudGen Firewall is tightly integrated with Microsoft Azure Virtual WAN, Azure Active Directory Azure AD, Azure Security Center, and Azure Sentinel. Integrated into Azure, Barracuda’s networking and security capabilities enable customers’ secure infrastructure migrations and the use ...